Search form

Don't have an account?

User login

Labels, seals and trustmarks as evidence of a "privacy by design" approach

Valentin Gibello

28 January 2018

1 Like

0 Comments

The provisions of the GDPR on certification schemes and labels represent a significant incentive to abide by the "data protection by design" principle. As of May 25th, 2018, labels could serve as visible proof that technical and organisational measures were implemented in ICT products and...

Time horizon

May 2018

Desirability

Opportunity

However, adopting a "privacy by design" approach to manufacturing product or providing services could turn out to be a win-win relationship for businesses and consumers alike. Beyond the threat of sanctions, businesses are offered the opportunity to demonstrate their committment to protecting European values and fundamental rights, and win the trust of their customers.

Supportive of these efforts, the Regulation provides that approved certification mechanisms may be used to demonstrate compliance with the privacy by design principle.

Challenge

Article 25 of the General Data Protection Regulation requires data controllers to translate data protection principles in technical and organisational measures "both at the time of the determination of the means for processing and at the time of the processing itself". Service providers and products manufacturers targetting European citizens will need to integrate data protection requirements from the inception of building a new service or product.

Practically, this provision calls for the wide adoption of encryption, anonymisation or pseudonymisation techniques and other "Privacy-Enhancing Technologies", depending on the nature of the product and risks for fundamental rights.

Even though supervisory authorities shall take into account the cost of implementation, this essential principle will necessarily entail significant costs for businesses.